SSO

Enabling Active Directory / LDAP / LDAPS Authentication In vCenter 8.0

by Florian Grehl
July 5, 2023
1 Comment

This article describes how to integrate VMware vCenter Server into your authentication infrastructure. Identity sources can be Microsoft Active Directory installations or OpenLDAP.

Bundled with the vCenter Servers is an internal user database that allows you to add and manage Users from the vCenter UI. Users management and Single Sign-On are provided by the embedded Platform Service Controller. In a large environment, you might want to connect your virtualization infrastructure to a centrally managed identity provider.

How to Configure LDAPS Authentication in vCenter 7.0

by Florian Grehl
July 22, 2020
7 Comments

This article explains how to configure LDAPS authentication in vCenter 7.0.
Read More »How to Configure LDAPS Authentication in vCenter 7.0

How to add AD Authentication in vCenter 7.0

by Florian Grehl
July 19, 2020July 23, 2020
4 Comments

The vCenter Server has an internal user database that allows you to add and manage users very easily. Users management and Single Sign-On is provided by the embedded Platform Service Controller which is available since vSphere 6.0. In a large environment, you might want to connect your virtualization infrastructure to a centrally manage Active Directory.

This article explains how to add AD authentication in vSphere 7.0 and how to get the "Use Windows session authentication" checkbox to work with the "Enhanced Authentication Plugin".

How to add AD Authentication in vCenter 6.5/6.7

by Florian Grehl
January 8, 2017May 14, 2018
17 Comments

The vCenter Server has an internal user database that allows you to add and manage users with the vSphere Web Client. Users management and Single Sign-On is provided by the Platform Service Controller which is available since vSphere 6.0. In a large environment, you might want to connect your virtualization infrastructure to a centrally manage Active Directory.

This article explains how to add AD authentication in vSphere 6.5 and how to get the "Use Windows session authentication" checkbox to work with the enhanced authentication plugin. This works for both, the vCenter Server 6.5 installed on a Windows Server and the vCenter Server Appliance (vCSA).

How to Join the vCSA 6.5/6.7 to an Active Directory Domain

by Florian Grehl
January 8, 2017May 15, 2018
13 Comments

In vSphere 6.5 the underlying operating system from the vCenter Server Appliance (vCSA) has been changed to VMwares PhotonOS. With the new OS, you can still join an Active Directory domain to comply with company policies, or if you want to use windows session authentication. Joining an Active Directory domain is included in the infrastructure node configuration which is part of the Platform Services Controller. Please verify standard AD requirements like time synchronization and naming prior to joining a domain.

If you want to log in with the "Windows session authentication" checkbox, you have to add the appliance running the Platform Services Controller (PSC) to the domain. For embedded deployments, join the appliance running both, the vCenter and the PSC to the domain.

vSphere 6.5 Component Password Recovery (vCenter, SSO and ESXi)

by Florian Grehl
January 1, 2017

Everyone knows the situation where you can't log into a system because you have forgotten the password. The following article explains how to reset the password and regain access to VMware vSphere 6.5 core components including vCenter, SSO and ESXi Hosts.

Reset vCenter Server Appliance 6.5 root password
Reset SSO Administrator Password (vCenter Server Appliance 6.5)
Reset ESXi root password with Host Profiles
Gain Administrative ESXi access with an Active Directory
Reset ESXi root password (Linux Live CD)

How to add AD Authentication in vCenter 6.0 (Platform Service Controller)

by Florian Grehl
February 4, 2015May 15, 2018
19 Comments

Platform Service Controller is a new component in vSphere 6.0. The PSC contains all the services that vCenter needs for its functions including Single Sign-On (SSO). This post describes how to configure AD authentication in vCenter Server 6.0.

The method shown in this post allows you to manage users and groups in your central directory. This works for both, the vCenter Server 6.0 installed on Windows Server and the vCenter Server Appliance (VCSA). vsphere60-login-screen

Howto: AD Authentication in vCenter SSO 5.5

by Florian Grehl
September 26, 2013September 26, 2013
23 Comments

With the recently released VMware vSphere 5.5, the component Single-Sign-On (SSO) has been completely rewritten. The biggest change is that the RSA database has been removed, which eliminates much of its complexity. There is also a new identity type (Active Directory (Integrated Windows Authentication)) that works without specifying the AD Controllers directly, like the old vSphere 4.x / 5.0 authentication. The whole process is much easier. This post shows how to enable Active Directory Authentication within the new vSphere 5.5 Single-Sign-On. If you are using vSphere 5.1, read this post.

The method shown in this post allows you to manage users and groups in your central directory. This works for both, the vCenter Server 5.5 installed on Windows Server and the vCenter Server Appliance (VCSA).

Match VMware vCenter 5.1 Component Versions

by Florian Grehl
June 1, 2013
1 Comment

With the separation of the vCenter Service into 4 components in vSphere 5.1 (vCenter Single Sign On, vCenter Inventory Service, vCenter Server and vSphere Web Client) there is a possible issue that you could have mismatched services installed. When you install an update you have to install all components one after another without having a workflow to check that all have been updated. I have already written about the update process from 5.1 to 5.1u1 and their versions but this is not the only update available. Now I've created an overview of all possible vCenter 5.1 version numbers that can be identified in the Control Panel.

Howto: vCenter 5.1 SSO with trusted Active Directory

by Florian Grehl
April 14, 2013April 17, 2013
1 Comment

There are a lot of pitfalls when you want to deploy or update to VMware vSphere 5.1. Beside the vSphere Web Client, the most discussed new component is the new authentication engine called Single Sign On (SSO) which is mandatory for the vCenter Server. I've already written about a simple deployment scenario where a vCenter Server (Appliance or Installable) can be authenticated against a single Active Directory domain. In this post i am going to explain the changes and straits when using multiple trusted Active Directory Domains.